1 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group;
3 import static org.junit.Assert.fail;
6 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
7 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
8 import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleDao;
9 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.ConfigDataStoreReader;
10 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
11 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
12 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
13 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
14 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
15 import org.opendaylight.neutron.spi.NeutronSecurityGroup;
16 import org.opendaylight.neutron.spi.NeutronSecurityRule;
17 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
18 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
19 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
20 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup.IntraGroupPolicy;
22 import com.google.common.base.Optional;
23 import com.google.common.collect.ImmutableList;
24 import com.google.common.collect.ImmutableSet;
26 public class NeutronSecurityGroupAwareDataStoreTest extends GbpDataBrokerTest {
/**
 * Walks two rule-less Neutron security groups through create and delete and
 * checks the resulting tenant policy after every step.
 *
 * <p>Every created group must show up as an endpoint group without provider
 * or consumer named selectors and with
 * {@code IntraGroupPolicy.RequireContract}. No contract may exist at any
 * point, and each delete must lower the endpoint-group count while the tenant
 * itself stays in place.
 *
 * @throws Exception if the data broker or one of the assertion helpers fails
 */
public void testAddAndDeleteNeutronSecurityGroup_noSecurityRules() throws Exception {
    DataBroker broker = getDataBroker();
    SecRuleDao ruleDao = new SecRuleDao();
    SecGroupDao groupDao = new SecGroupDao();
    NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(broker, ruleDao, groupDao);
    NeutronSecurityGroupAware groupAware = new NeutronSecurityGroupAware(broker, ruleAware, groupDao);

    String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
    String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
    String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";

    NeutronSecurityGroup firstGroup = NeutronEntityFactory.securityGroup(secGroupId1, tenantId);
    NeutronSecurityGroup secondGroup = NeutronEntityFactory.securityGroup(secGroupId2, tenantId);

    // Step 1: a single group is created.
    groupAware.created(firstGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 1);
    PolicyAssert.assertEndpointGroupExists(broker, tenantId, secGroupId1);
    PolicyAssert.assertNoProviderNamedSelectors(broker, tenantId, secGroupId1);
    PolicyAssert.assertNoConsumerNamedSelectors(broker, tenantId, secGroupId1);
    PolicyAssert.assertIntraGroupPolicy(broker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);

    // Step 2: deleting it must leave no endpoint group behind.
    groupAware.deleted(firstGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 0);

    // Step 3: both groups are created; each gets the same checks, first group first.
    groupAware.created(firstGroup);
    groupAware.created(secondGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 2);
    for (String groupId : new String[] {secGroupId1, secGroupId2}) {
        PolicyAssert.assertEndpointGroupExists(broker, tenantId, groupId);
        PolicyAssert.assertNoProviderNamedSelectors(broker, tenantId, groupId);
        PolicyAssert.assertNoConsumerNamedSelectors(broker, tenantId, groupId);
        PolicyAssert.assertIntraGroupPolicy(broker, tenantId, groupId, IntraGroupPolicy.RequireContract);
    }

    // Step 4: removing the second group must not disturb the first one.
    // The intra-group policy of the surviving group is not re-checked here.
    groupAware.deleted(secondGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 1);
    PolicyAssert.assertEndpointGroupExists(broker, tenantId, secGroupId1);
    PolicyAssert.assertNoProviderNamedSelectors(broker, tenantId, secGroupId1);
    PolicyAssert.assertNoConsumerNamedSelectors(broker, tenantId, secGroupId1);

    // Step 5: removing the last group empties the tenant's endpoint groups again.
    groupAware.deleted(firstGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 0);
}
/**
 * Walks two Neutron security groups, each carrying one IPv4 security rule,
 * through create and delete and checks the derived policy after every step.
 *
 * <p>Rule 1 is an egress rule on group 1 with {@code null} as its last factory
 * argument; rule 2 is an ingress rule on group 2 that names group 1 in that
 * position (presumably the remote group; confirm against
 * {@code NeutronEntityFactory}). The assertions expect one contract per rule,
 * keyed by the rule id, and provider/consumer named selectors on the endpoint
 * groups that reference those contracts.
 *
 * <p>After a group is deleted the test requires its contract and the
 * classifier instance of rule 1 to be gone, so policy derived from a removed
 * security group does not linger. Two gaps remain: removal of the Allow
 * action instance is not asserted (see the TODOs), and only rule 1's
 * classifier instance is ever checked; rule 2's is not asserted anywhere.
 *
 * @throws Exception if the data broker or one of the assertion helpers fails
 */
public void testAddAndDeleteNeutronSecurityGroup_withSecurityRules() throws Exception {
    DataBroker broker = getDataBroker();
    SecRuleDao ruleDao = new SecRuleDao();
    SecGroupDao groupDao = new SecGroupDao();
    NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(broker, ruleDao, groupDao);
    NeutronSecurityGroupAware groupAware = new NeutronSecurityGroupAware(broker, ruleAware, groupDao);

    String tenantId = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
    String secGroupId1 = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
    String secGroupId2 = "cccccccc-cccc-cccc-cccc-cccccccccccc";
    String secRuleId1 = "dddddddd-dddd-dddd-dddd-dddddddddddd";
    String secRuleId2 = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";

    NeutronSecurityRule egressRule = NeutronEntityFactory.securityRuleWithEtherType(
            secRuleId1, tenantId, NeutronUtils.IPv4, NeutronUtils.EGRESS, secGroupId1, null);
    NeutronSecurityRule ingressRule = NeutronEntityFactory.securityRuleWithEtherType(
            secRuleId2, tenantId, NeutronUtils.IPv4, NeutronUtils.INGRESS, secGroupId2, secGroupId1);

    NeutronSecurityGroup firstGroup =
            NeutronEntityFactory.securityGroup(secGroupId1, tenantId, ImmutableList.of(egressRule));
    NeutronSecurityGroup secondGroup =
            NeutronEntityFactory.securityGroup(secGroupId2, tenantId, ImmutableList.of(ingressRule));

    // Step 1: only group 1 exists, so it provides rule 1's contract and consumes nothing.
    groupAware.created(firstGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractExists(broker, tenantId, secRuleId1);
    PolicyAssert.assertContract(
            ConfigDataStoreReader.readContract(broker, tenantId, secRuleId1).get(), egressRule);
    PolicyAssert.assertContractCount(broker, tenantId, 1);
    PolicyAssert.assertEndpointGroupExists(broker, tenantId, secGroupId1);
    EndpointGroup storedGroup1 =
            ConfigDataStoreReader.readEndpointGroup(broker, tenantId, secGroupId1).get();
    PolicyAssert.assertProviderNamedSelectors(storedGroup1, ImmutableSet.of(new ContractId(secRuleId1)));
    PolicyAssert.assertNoConsumerNamedSelectors(broker, tenantId, secGroupId1);
    PolicyAssert.assertIntraGroupPolicy(broker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 1);

    PolicyAssert.assertClassifierInstanceExists(broker, egressRule);
    PolicyAssert.assertActionInstanceExists(broker, tenantId, MappingUtils.ACTION_ALLOW.getName());

    // Step 2: deleting group 1 must remove its contract, endpoint group and classifier.
    groupAware.deleted(firstGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 0);

    PolicyAssert.assertClassifierInstanceNotExists(broker, egressRule);
    // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
    // Until then, removal of the Allow action instance is not verified by this test.
    // PolicyAssert.assertActionInstanceNotExists(broker, tenantId, MappingUtils.ACTION_ALLOW.getName());

    // Step 3: with both groups present, each provides its own rule's contract
    // and consumes the other's.
    groupAware.created(firstGroup);
    groupAware.created(secondGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractExists(broker, tenantId, secRuleId1);
    PolicyAssert.assertContract(
            ConfigDataStoreReader.readContract(broker, tenantId, secRuleId1).get(), egressRule);
    // No assertContractExists precedes this read; an absent contract surfaces from get().
    PolicyAssert.assertContract(
            ConfigDataStoreReader.readContract(broker, tenantId, secRuleId2).get(), ingressRule);
    PolicyAssert.assertContractCount(broker, tenantId, 2);
    PolicyAssert.assertEndpointGroupExists(broker, tenantId, secGroupId1);
    storedGroup1 = ConfigDataStoreReader.readEndpointGroup(broker, tenantId, secGroupId1).get();
    PolicyAssert.assertProviderNamedSelectors(storedGroup1, ImmutableSet.of(new ContractId(secRuleId1)));
    PolicyAssert.assertConsumerNamedSelectors(storedGroup1, ImmutableSet.of(new ContractId(secRuleId2)));
    PolicyAssert.assertIntraGroupPolicy(broker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
    PolicyAssert.assertEndpointGroupExists(broker, tenantId, secGroupId2);
    EndpointGroup storedGroup2 =
            ConfigDataStoreReader.readEndpointGroup(broker, tenantId, secGroupId2).get();
    PolicyAssert.assertProviderNamedSelectors(storedGroup2, ImmutableSet.of(new ContractId(secRuleId2)));
    PolicyAssert.assertConsumerNamedSelectors(storedGroup2, ImmutableSet.of(new ContractId(secRuleId1)));
    PolicyAssert.assertIntraGroupPolicy(broker, tenantId, secGroupId2, IntraGroupPolicy.RequireContract);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 2);
    PolicyAssert.assertClassifierInstanceExists(broker, egressRule);
    PolicyAssert.assertActionInstanceExists(broker, tenantId, MappingUtils.ACTION_ALLOW.getName());

    // Step 4: deleting group 2 must drop rule 2's contract and group 1's
    // consumer selector, leaving group 1 as it was in step 1.
    groupAware.deleted(secondGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractExists(broker, tenantId, secRuleId1);
    PolicyAssert.assertContract(
            ConfigDataStoreReader.readContract(broker, tenantId, secRuleId1).get(), egressRule);
    PolicyAssert.assertContractCount(broker, tenantId, 1);
    PolicyAssert.assertEndpointGroupExists(broker, tenantId, secGroupId1);
    storedGroup1 = ConfigDataStoreReader.readEndpointGroup(broker, tenantId, secGroupId1).get();
    PolicyAssert.assertProviderNamedSelectors(storedGroup1, ImmutableSet.of(new ContractId(secRuleId1)));
    PolicyAssert.assertNoConsumerNamedSelectors(broker, tenantId, secGroupId1);
    PolicyAssert.assertIntraGroupPolicy(broker, tenantId, secGroupId1, IntraGroupPolicy.RequireContract);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 1);

    PolicyAssert.assertClassifierInstanceExists(broker, egressRule);
    PolicyAssert.assertActionInstanceExists(broker, tenantId, MappingUtils.ACTION_ALLOW.getName());

    // Step 5: deleting the last group must leave no contract, group or classifier.
    groupAware.deleted(firstGroup);

    PolicyAssert.assertTenantExists(broker, tenantId);
    PolicyAssert.assertContractCount(broker, tenantId, 0);
    PolicyAssert.assertEndpointGroupCount(broker, tenantId, 0);

    PolicyAssert.assertClassifierInstanceNotExists(broker, egressRule);
    // TODO: Uncomment this when the life cycle of the Allow ActionInstance will be clarified.
    // Until then, removal of the Allow action instance is not verified by this test.
    // PolicyAssert.assertActionInstanceNotExists(broker, tenantId, MappingUtils.ACTION_ALLOW.getName());
}
/**
 * Checks that {@code NeutronSecurityGroupAware} cannot be constructed with a
 * missing dependency.
 *
 * <p>Each of the three constructor arguments is replaced by {@code null} in
 * turn, and finally all three together; every combination is handed to
 * {@code assertExceptionInConstructor}, which expects a
 * {@code NullPointerException} from the constructor.
 *
 * @throws Exception if building the valid collaborators fails
 */
public void testConstructor_invalidArgument() throws Exception {
    DataBroker broker = getDataBroker();
    SecRuleDao ruleDao = new SecRuleDao();
    SecGroupDao groupDao = new SecGroupDao();
    NeutronSecurityRuleAware validRuleAware = new NeutronSecurityRuleAware(broker, ruleDao, groupDao);

    // One null argument at a time, in parameter order.
    assertExceptionInConstructor(null, validRuleAware, groupDao);
    assertExceptionInConstructor(broker, null, groupDao);
    assertExceptionInConstructor(broker, validRuleAware, null);

    // All arguments null at once.
    assertExceptionInConstructor(null, null, null);
}
207 private void assertExceptionInConstructor(DataBroker dataBroker, NeutronSecurityRuleAware secRuleAware,
208 SecGroupDao secGroupDao) {
210 new NeutronSecurityGroupAware(dataBroker, secRuleAware, secGroupDao);
211 fail(NullPointerException.class.getName() + " expected");
212 } catch (NullPointerException ex) {